Share via

Upcoming policy updates will impact Azure App Service managed certificates as of 28 July 2025 - not sure if it applies to me

Gerry High 0 Reputation points
2025-08-15T16:45:27.0466667+00:00

I have gotten multiple emails about policy updates that will impact certificate renewal. I've gone through the email and although our endpoints are publicly accessible we have not ever setup anything with Traffic Manager and do not have a profile. I'm trying to figure out if I will be impacted when renewal happens next month.

While the majority of certificates won't be impacted, you'll no longer be able to create or renew certificates as of 28 July 2025 if:

  • Your app is only accessible privately via IP restrictions, private endpoints, or any other method that restricts public access. Public accessibility will be required. 
  • Your app uses nested or external endpoints. Only Azure endpoints using Azure Traffic Manager will be supported. 
  • Your app relies on *.trafficmanager.net domains. Traffic Manager domain certificates will no longer be supported.  If any of the scenarios above apply to you, you'll need to update your secure sockets layer (SSL) certificate management approach before your current certificate expires.

My app uses Azure endpoints with public endpoints. However, we are not using Azure Traffic Manager. Does this mean that we will be required to use Traffic Manager? This article seems vague.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shree Hima Bindu Maganti 5,480 Reputation points Microsoft External Staff Moderator
    2025-08-18T02:26:00.0766667+00:00

    Hi @Gerry High
    Based on the information provided, since your app uses Azure endpoints with public accessibility and does not utilize Azure Traffic Manager, you should not be impacted by the upcoming policy changes regarding the renewal of Azure App Service Managed Certificates (ASMC) on July 28, 2025. The key points from the policy updates indicate that the restrictions apply to apps that are not publicly accessible, use nested or external endpoints, or rely on *.trafficmanager.net domains.

    Since you confirmed that your app is publicly accessible and does not use Traffic Manager, you should be able to continue renewing your certificates without needing to make any changes.

    References:

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.